Configure Personal SSID Authentication

This option requires all users to authenticate by entering the same pre-shared key.

• Select WPA3 (SAE) to negotiate using WPA3 with clients. If all the wireless clients support WPA3, it is a better choice than WPA2.
• Select WPA2-(WPA2 Personal)-PSK to use WPA2 for key management. WPA2 supports PMK caching and pre-authentication, whereas WPA does not.
• Select WPA-PSK to use WPA for key management. WPA does not support PMK caching or pre-authentication, but if the clients were released before IEEE 802.11i was ratified and they support WPA (not WPA2), this option allows the Extreme Networks devices to support them.

The Encryption Method for WPA3 and WPA2 is CCMP (AES). Counter Mode-Cipher Block Chaining Message Authentication Code Protocol (CCMP) uses AES (Advanced Encryption Standard) encryption. CCMP provides message integrity by combining counter mode with CBC (cipher block chaining) to produce a MAC (message authentication code).

Note

When the SSID is configured for WPA3 (SAE), the encryption method is always set to 128-bit encryption.

The Encryption Method for WPA-PSK is TKIP. Temporal Key Integrity Protocol (TKIP), uses RC4 as its cipher and provides a rekeying mechanism. TKIP ensures that every data packet is sent with a unique encryption key, which is a combination of an Interim Key/Temporal Key and a Packet Sequence Counter. TKIP provides more secure encryption than Wired Equivalent Privacy (WEP), and works on older or legacy WEP hardware with minor upgrades.

Note

ExtremeCloud‌ IQ supports TKIP only for AP3000, AP3000X, AP4000, AP4000U, AP5010, AP5010U, AP5050D, AP5050U models.

The Key Typeis ASCII Key.